CVE-2024-48290 identifies a vulnerability in the Bluetooth Low Energy (BLE) stack of the Realtek RTL8762E BLE SDK version 1.4.0. Specifically, the issue arises from improper handling of the ll_terminate_ind packet, which is part of the Link Layer protocol used to terminate BLE connections. An attacker can exploit this by crafting and sending a malformed ll_terminate_ind packet to a vulnerable device, causing it to crash or become unresponsive, resulting in a Denial of Service (DoS) condition. The vulnerability does not require any authentication or user interaction, making it accessible to any attacker within BLE radio range. The CVSS 3.1 base score is 4.3, reflecting a medium severity primarily due to the limited impact scope (availability only) and the requirement for physical proximity to the device. The vulnerability is classified under CWE-1284, which relates to improper handling of protocol messages leading to resource exhaustion or service disruption. No patches or mitigations have been officially released at the time of publication, and no active exploitation has been reported. This vulnerability affects embedded devices and IoT products that integrate the Realtek RTL8762E BLE SDK v1.4.0, which is commonly used in consumer electronics, wearables, and smart home devices.

The primary impact of CVE-2024-48290 is a Denial of Service (DoS) on devices using the vulnerable Realtek RTL8762E BLE SDK. This can disrupt Bluetooth connectivity, causing devices to crash or become unresponsive, which may degrade user experience or interrupt critical device functions. For consumer devices such as wearables, smart home gadgets, or health monitors, this could lead to temporary loss of service or data transmission interruptions. In industrial or enterprise environments where BLE devices are used for automation, asset tracking, or access control, the DoS could result in operational disruptions or security monitoring gaps. Since the attack requires proximity and BLE communication capability, remote exploitation is not feasible, limiting the threat to local attackers. The vulnerability does not expose sensitive data or allow code execution, so confidentiality and integrity impacts are negligible. However, repeated or targeted DoS attacks could cause significant inconvenience or operational delays in environments relying heavily on BLE connectivity.

To mitigate CVE-2024-48290, organizations and device manufacturers should: 1) Monitor Realtek and vendor advisories for patches or firmware updates addressing this vulnerability and apply them promptly once available. 2) Implement BLE connection filtering to restrict pairing and communication to trusted devices only, reducing exposure to unauthorized attackers. 3) Employ physical security controls to limit attacker proximity to BLE-enabled devices, especially in sensitive or critical environments. 4) Use BLE protocol anomaly detection tools or intrusion detection systems where feasible to identify and block malformed or suspicious packets. 5) For device manufacturers, consider updating the BLE stack to validate and sanitize all incoming Link Layer packets robustly, preventing malformed packet processing. 6) Educate users about the risks of connecting to unknown or untrusted BLE devices and encourage disabling BLE when not in use. These measures collectively reduce the attack surface and the likelihood of successful exploitation.